CVE-2024-26130

cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

cryptography es un paquete manipulado para exponer recetas y primitivas criptográficas a los desarrolladores de Python. A partir de la versión 38.0.0 y anteriores a la versión 42.0.4, si se llama a `pkcs12.serialize_key_and_certificates` con un certificado cuya clave pública no coincide con la clave privada proporcionada y un `encryption_algorithm` con `hmac_hash` configurado (a través de `PrivateFormat .PKCS12.encryption_builder().hmac_hash(...)`, entonces se produciría una desreferencia del puntero NULL, bloqueando el proceso de Python. Esto se resolvió en la versión 42.0.4, la primera versión en la que se genera correctamente un `ValueError` .

A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS#12 key and certificate do not match. Specifically, if the pkcs12.serialize_key_and_certificates function is called with a non-matching certificate and private key and an encryption algorithm with hmac_hash set, the Python process may crash, leading to a denial of service.

*Credits: N/A

CVSS Scores

GitHubv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-14 CVE Reserved
2024-02-21 CVE Published
2024-02-22 EPSS Updated
2024-08-14 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (5)

URL	Tag	Source
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55	X_refsource_misc
https://github.com/pyca/cryptography/pull/10423	X_refsource_misc
https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26130	2024-10-10
https://bugzilla.redhat.com/show_bug.cgi?id=2269617	2024-10-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pyca Search vendor "Pyca"		Cryptography Search vendor "Pyca" for product "Cryptography"				>= 38.0.0 < 42.0.4 Search vendor "Pyca" for product "Cryptography" and version " >= 38.0.0 < 42.0.4"		en		Affected